<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>OpenID Connect logout API | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'security-api-oidc-logout.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-api-oidc-logout.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-api-oidc-logout.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/security-api-oidc-logout.html" rel="nofollow" target="_blank">../en/security-api-oidc-logout.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="rest-apis.html">REST APIs</a></span>
»
<span class="breadcrumb-link"><a href="security-api.html">Security APIs</a></span>
»
<span class="breadcrumb-node">OpenID Connect logout API</span>
</div>
<div class="navheader">
<span class="prev">
<a href="security-api-oidc-authenticate.html">« OpenID Connect authenticate API</a>
</span>
<span class="next">
<a href="security-api-saml-prepare-authentication.html">SAML prepare authentication API »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="security-api-oidc-logout"></a>OpenID Connect logout API<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/oidc-logout-api.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>
<p>Submits a request to invalidate a refresh token and an access token that was
generated as a response to a call to <code class="literal">/_security/oidc/authenticate</code>.</p>
<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-oidc-logout-request"></a>Request<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/oidc-logout-api.asciidoc">edit</a>
</h3>
</div></div></div>
<p><code class="literal">POST /_security/oidc/logout</code></p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-oidc-logout-desc"></a>Description<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/oidc-logout-api.asciidoc">edit</a>
</h3>
</div></div></div>
<p>If the OpenID Connect authentication realm in Elasticsearch is accordingly configured,
the response to this call will contain a URI pointing to the End Session
Endpoint of the OpenID Connect Provider in order to perform Single Logout.</p>
<p>Elasticsearch exposes all the necessary OpenID Connect related functionality via the
OpenID Connect APIs. These APIs are used internally by Kibana in order to provide
OpenID Connect based authentication, but can also be used by other, custom web
applications or other clients. See also
<a class="xref" href="security-api-oidc-authenticate.html" title="OpenID Connect authenticate API">OpenID Connect authenticate API</a>
and
<a class="xref" href="security-api-oidc-prepare-authentication.html" title="OpenID Connect Prepare Authentication API">OpenID Connect prepare authentication API</a>.</p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-oidc-logout-request-body"></a>Request body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/oidc-logout-api.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">access_token</code>
</span>
</dt>
<dd>
(Required, string) The value of the access token to be invalidated as part of the logout.
</dd>
<dt>
<span class="term">
<code class="literal">refresh_token</code>
</span>
</dt>
<dd>
(Optional, string) The value of the refresh token to be invalidated as part of the logout.
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-oidc-logout-example"></a>Examples<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/oidc-logout-api.asciidoc">edit</a>
</h3>
</div></div></div>
<p>The following example performs logout</p>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">POST /_security/oidc/logout
{
  "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
  "refresh_token": "vLBPvmAB6KvwvJZr27cS"
}</pre>
</div>
<div class="console_widget" data-snippet="snippets/2128.console"></div>
<p>The following example output of the response contains the URI pointing to the
End Session Endpoint of the OpenID Connect Provider with all the parameters of
the Logout Request, as HTTP GET parameters:</p>
<div class="pre_wrapper lang-js">
<pre class="programlisting prettyprint lang-js">{
  "redirect" : "https://op-provider.org/logout?id_token_hint=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c&amp;post_logout_redirect_uri=http%3A%2F%2Foidc-kibana.elastic.co%2Floggedout&amp;state=lGYK0EcSLjqH6pkT5EVZjC6eIW5YCGgywj2sxROO"
}</pre>
</div>
</div>

</div>
<div class="navfooter">
<span class="prev">
<a href="security-api-oidc-authenticate.html">« OpenID Connect authenticate API</a>
</span>
<span class="next">
<a href="security-api-saml-prepare-authentication.html">SAML prepare authentication API »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>